Significant Threat
IP 45.135.232.92 is a high-risk address operated by Proton66 OOO within Russian autonomous system AS198953, definitively linked to SSH brute-force attack activity detected across 20 automated honeypot sensors over approximately five months of sustained observation.
Security telemetry reveals a substantial abuse record for this address, with 2,330 total reports filed against it from August 2025 through January 2026. The activity frequency score of zero out of ten, despite this high report volume, indicates the malicious behaviour occurs in concentrated bursts rather than continuous bombardment, a pattern consistent with automated credential-stuffing campaigns that throttle their requests to evade basic rate-limiting. The 59% confidence score reflects that while the SSH attack signature is clear and repeated, some ambiguity remains about the full scope of the operator's intentions. The geographic concentration in Russia and the reported association with Proton66 OOO place this IP within a known transit provider that has attracted considerable community scrutiny for hosting aggressive scanning infrastructure.
The dominant threat category, SSH, represents a direct assault on server access controls. Attackers systematically probe exposed SSH daemons, cycling through common username-password combinations or leveraging known weak credentials in an attempt to establish an authenticated session. A successful compromise grants the attacker a foothold on the target system, potentially enabling data exfiltration, lateral movement within networks, or the deployment of secondary payloads such as cryptocurrency miners or ransomware. The honeypot detection confirms this address is actively engaged in such reconnaissance rather than coincidental traffic.
Site operators with exposed SSH services should treat connections from this address as hostile and block it at the firewall or network edge. Key-based authentication should replace password authentication entirely, the default SSH port should be changed from 22, and root login via SSH should be disabled. Deploying intrusion-prevention tools such as fail2ban to automatically ban IPs after repeated failed authentication attempts provides an additional layer of automated defence. Continuous monitoring of authentication logs for unusual patterns originating from this address remains advisable given the sustained volume of reports.
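
The authentication-log monitoring recommended above, as an added example that is not part of the original report: it groups failed SSH password attempts by source IP into bursts, the concentrated pattern this report describes. The log lines are constructed samples in classic OpenSSH syslog format, and `find_bursts`, the 60-second gap and the three-failure threshold are assumptions to tune per environment.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines (not real telemetry) in classic syslog format.
SAMPLE = """\
Jan 12 03:14:07 web1 sshd[2211]: Failed password for invalid user admin from 45.135.232.92 port 40112 ssh2
Jan 12 03:14:09 web1 sshd[2213]: Failed password for root from 45.135.232.92 port 40120 ssh2
Jan 12 03:14:12 web1 sshd[2215]: Failed password for invalid user test from 45.135.232.92 port 40131 ssh2
Jan 12 03:20:00 web1 sshd[2230]: Accepted publickey for deploy from 203.0.113.7 port 52000 ssh2
Jan 12 09:41:30 web1 sshd[2301]: Failed password for deploy from 203.0.113.7 port 52011 ssh2
Jan 12 11:02:44 web1 sshd[2410]: Failed password for root from 45.135.232.92 port 41877 ssh2
Jan 12 11:02:47 web1 sshd[2412]: Failed password for invalid user ubuntu from 45.135.232.92 port 41880 ssh2
Jan 12 11:02:51 web1 sshd[2414]: Failed password for root from 45.135.232.92 port 41893 ssh2
""".splitlines()

# Matches OpenSSH password-failure lines, for valid and invalid usernames.
FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port \d+"
)

def find_bursts(lines, year, max_gap=timedelta(seconds=60), min_failures=3):
    """Return {ip: [(start, end, failures, usernames), ...]}, one tuple per burst."""
    events = defaultdict(list)
    for line in lines:
        m = FAILED.match(line)
        if m:
            # Syslog timestamps carry no year, so the caller supplies it.
            ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
            events[m["ip"]].append((ts, m["user"]))
    bursts = {}
    for ip, evs in events.items():
        evs.sort()
        run = [evs[0]]
        for ev in evs[1:] + [None]:  # the trailing None flushes the last run
            if ev is not None and ev[0] - run[-1][0] <= max_gap:
                run.append(ev)
                continue
            if len(run) >= min_failures:  # isolated failures are not a burst
                users = sorted({u for _, u in run})
                bursts.setdefault(ip, []).append((run[0][0], run[-1][0], len(run), users))
            run = [ev]
    return bursts

if __name__ == "__main__":
    for ip, found in find_bursts(SAMPLE, 2026).items():
        for start, end, n, users in found:
            print(f"{ip}: {n} failures {start} to {end}, users={users}")
```

The single failed login from 203.0.113.7 (a documentation address standing in for a legitimate user) is not reported, because it never reaches the burst threshold.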